Authors: Jeongin Lee, Chaejin Lim, Beomjin Jin, Moohong Min, Hyoungshick Kim

DFRWS APAC 2025

Abstract

Communication data, such as instant messenger exchanges, SMS records, and emails, plays a critical role in digital forensic investigations by revealing criminal intent, interpersonal dynamics, and the temporal structure of events. However, existing AI-based forensic tools frequently hallucinate unverifiable content, obscure their reasoning paths, and ultimately fail to meet the traceability and legal admissibility standards required in criminal investigations. To overcome these challenges, we propose DF-Graph, a graph-based retrieval-augmented generation (Graph-RAG) framework designed for forensic question answering over communication data. DF-Graph constructs structured knowledge graphs from message logs, retrieves query-relevant subgraphs based on semantic and structural cues, and generates answers guided by forensic-specific prompts. It further enhances legal transparency through rule-based reasoning traces and citation of message-level evidence. We comprehensively evaluate DF-Graph across real-world, public, and synthetic datasets, including a narrative dataset adapted from Crime and Punishment. Our evaluation compares four approaches: (1) a direct generation approach using only a language model without retrieval; (2) a BERT embedding-based selective retrieval approach that identifies relevant messages before generation; (3) a conventional text-based retrieval approach; and (4) our proposed graph-based retrieval approach (DF-Graph). Empirical results show that DF-Graph consistently outperforms all baseline approaches in exact match accuracy (57.23%), semantic similarity (BERTScore F1: 0.8597), and contextual faithfulness. A user study with eight forensic experts confirms that DF-Graph delivers more explainable, accurate, and legally defensible outputs, making it a practical solution for AI-assisted forensic investigations.
